AMENDMENT AND RESPONSE UNDER 37 CFR § 1.111 Page 12 

Serial Number: 10/017,835 Dkt: 884.437US1 

Filing Date: December 12, 2001 

Title: IDENTITY AUTHENTICATION PORTFOLIO SYSTEM 



REMARKS 

This responds to the Office Action mailed on August 23, 2007. 

Claims 1, 7, 13, 27 and 41 are amended, claim 47 is canceled, and claims 56-58 are 
added; as a result, claims 1, 3-22, 24-27, 29-44, 48 and 53-58 now pending in this application, 
with claims 4, 6-22, 24, 25, 29-35, 40-43 and 53-55 withdrawn from consideration at this time. 

The amendments to the claims have been to clarify the claims and are not intended to 
limit the scope of equivalents to which any claim element may be entitled. The amendments to 
the claims and new claims have support throughout the specification, including in paragraphs 18, 
19 and 20. No new matter has been added as a result. Applicant respectfully requests 
reconsideration of the above-identified application in view of the amendments above and the 
remarks that follow. 

As the Examiner noted in the Restriction Requirement mailed on January 18, 2007, 
claims 1,7, 13, 27 and 41 are generic claims. Under 37 CFR 1.41, a generic claim may link a 
reasonable number of species. See MPEP 809.02. Linking claims must be examined with the 
elected claims, and should the linking claim be allowed, rejoinder of the inventions must be 
permitted. MPEP 809. 

Interview Summary 

Applicant thanks Examiner Cristina O. Sherr for the courtesy of a telephone interview on 
December 12, 2007, with Applicant's Representative, Barbara J. Clark. The outstanding rejection 
was discussed. No specific agreement as to claim language was reached, although the Examiner 
suggested that further clarification of the flexible nature of the method may be helpful. Examiner 
Sherr further agreed to contact Ms. Clark prior to the next Official Communication should a 
Notice of Allowance not be forthcoming. Ms. Clark thanks Examiner Sherr for the courtesies 
extended during the interview. 

§ 103 Rejection of the Claims 
Claims 1, 3, 5, 27, 30, 36-39, 44, 47 and 48 were rejected under 35 USC § 103(a) as 
being unpatentable over Misra et al. (U.S. 5,999,71 1) in view of Elander et al. (U.S. 4,500,750). 
Claim 47 has been canceled thus rendering the rejection moot as to this claim. 
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The Examiner is requested to see the Amendment and Response mailed on June 11, 2007, 
for a statement of the applicable law, which is to be considered as if fully set for herein. 

The Examiner states that the references teach various elements of the claims and further 
states on page 2, that in Misra, the user or relying party is selecting at least two authentication 
mechanisms to input from a set of authentication mechanisms. Applicant respectfully traverses 
these assertions. 

Misra discusses a method and system for providing certificates holding authentication 
and authorization information for users/machines. If proper authentication is received, the 
principal is allowed to log on to the distributed system. In contrast to the statement on page 2, 
the Examiner admits, on page 3, that Misra does not disclose authenticating the user identity 
through at least two authentication mechanisms. 

Elander does not overcome the deficiencies of the primary reference. Elander discusses a 
cryptographic application for interbank verification which utilizes a fixed verification system of 
encryption and decryption. The Examiner previously admitted in the Office Action mailed on 
June 19, 2006 that Elander does not disclose the user or relying party selecting the authentication 
from the set of authentication mechanisms, wherein a flexible authentication process is provided. 
However, the Examiner now concludes on page 3 of the Office Action, that Elander does 
disclose authenticating the user identity through at least two authentication mechanisms and that 
"it makes sense to extend that choice [of whether or not to authenticate at all] to include which 
authentication to use." Applicant respectfully traverses the conclusory statements in the present 
Office Action and suggests that the Applicant's specification has been used as a roadmap to 
formulate the current rejection. 

Applicant respectfully submits that neither Misra nor Elander, alone or in combination, 
teach or suggest the methods as taught by Applicant and claimed in claims 1 and 27, as amended. 
Applicant explicitly teaches and claims in claim 1 , as amended, a method of providing an 
authentication service, comprising with an authentication server, relating a user identity to a set 
of authentication mechanisms, the user identity belonging to a user; relating a type of transaction 
with a relying party to a level of authentication, the relying party reliant on the authentication 
service to authenticate the user before user access is provided to its service, program or 
information; the user or relying party selecting at least two authentication mechanisms to input 
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from the set of authentication mechanisms according to the level of authentication associated 
with the type of transaction, the at least two authentication mechanisms selected from known 
secrets, stored secrets, biometrics and combinations thereof, wherein a flexible authentication 
process is provided; and authenticating the user identity through the at least two authentication 
mechanisms, wherein the user is granted or denied access to the service, program or information 
provided by the relying party. Applicant also explicitly teaches and claims in claim 27, as 
amended, a method of providing an authentication service, comprising with an authentication 
server, providing a list of supported authentication methods to authenticate at least one user; 
receiving requirements for an authentication level from at least one relying party, the at least one 
relying party reliant on the authentication service to authenticate the at least one user before user 
access is provided to its service, program or information; receiving a selection of at least two 
authentication methods from the at least one user, the at least two authentication mechanisms 
selected from known secrets, stored secrets, biometrics and combinations thereof, wherein a 
flexible authentication process is provided and the selection can include a subset of the list of 
supported authentication methods; receiving identification information for the at least one user; 
producing a portfolio associated with the at least one user, the portfolio comprising the list of 
authentication methods, each authentication method in the portfolio meeting the selection of the 
at least one user, each authentication method in the portfolio supported by an authentication 
system, the list of authentication methods meeting the requirements for the authentication level 
from the at least one relying party; and relating the identification information to the portfolio for 
the at least one user. 

Therefore, the current Office Action has failed to meet the burden under 35 U.S.C. §103 
to establish a prima facie case of obviousness as required by the MPEP and In re Fine. Only 
conclusory assertions have been made, without articulating the reasoning for making the 
combination, i.e., the combination has no rational underpinning as required. 

There is also no reasonable expectation of success with the proposed combination. 

An additional requirement of the prima facie case is that the references must teach or 
suggest all the claim limitations. Neither reference teaches or suggests, for example, the user or 
relying party selecting at least two authentication mechanisms to input from the set of 
authentication mechanisms according to the level of authentication associated with the type of 
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transaction, the at least two authentication mechanisms selected from known secrets, stored 
secrets, biometrics and combinations thereof, wherein a flexible authentication process is 
provided, as recited in claims 1 and 27, as amended. Since all of the elements of the claims are 
not found in the references, Applicant assumes the Examiner is taking official notice of the 
missing elements from an undisclosed source. Applicant respectfully objects to the taking of 
official notice, and pursuant to MPEP 2144.03, Applicant traverses the assertion of official 
notice and requests that the Examiner cite a reference that teaches the missing element. If the 
Examiner cannot cite a reference that teaches the missing element, Applicant respectfully 
requests that the Examiner provide an affidavit that describes how the missing element is present 
in the prior art. If the Examiner cannot cite a reference or provide an affidavit, Applicant 
requests withdrawal of the rejection and reconsideration and allowance of the claims. 

The differences between the prior art and the claims at issue must also be considered as 
required by Graham v. John Deere Co. of Kansas City, supra . For example, there is no indication 
of any appreciation of the problem being solved by Applicant's invention. Misra is seeking to 
solve the problem of providing a secure system which supports roaming users or roaming 
machines. The solution includes avoiding replication of credentials across the system using a 
fixed authentication process which either grants or denies a request to log on or connect to a 
distributed system. Elander is seeking to solve the problem of providing a secure process of 
verifying the identity of a terminal user. The solution primarily includes translating information 
from encryption under one transfer key to encryption under another transfer key, where the keys 
may not be selectively used interchangeably (See col. 3, lines 15-21). Both methods are fixed 
authentication systems. In contrast, Applicant is seeking to solve at least the problem of 
providing a flexible authentication process. The solution includes, in part, the user or relying 
party selecting at least two authentication mechanisms to input from the set of authentication 
mechanisms according to the level of authentication associated with the type of transaction, the 
at least two authentication mechanisms selected from known secrets, stored secrets, biometrics 
and combinations thereof. 

The Examiner is requested to note that a password is one example of a type of 
authentication mechanism, specifically, a stored secret. (See specification at page 12, par 22). 
The ability to change a password is not the equivalent of being able to change an authentication 
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mechanism. The ability to change a password merely refers to the ability to change the specifics 
of a single type of authentication mechanism, i.e., a stored secret, which Applicant is not 
claiming. Applicant is the first, however, to provide a solution which provides a flexible 
authentication process allowing, "the user or relying party selecting at least two authentication 
mechanisms to input from the set of authentication mechanisms according to the level of 
authentication associated with the type of transaction, the at least two authentication mechanisms 
selected from known secrets, stored secrets, biometrics and combinations thereof," as recited, in 
part, in claim 1, as amended. 

Regarding claims 3, 36-39 and 5, mentioned separately on page 3 of the Office Action, 
Applicant traverses these statements and again notes that these claims are dependent claims 
which depend on independent claim 1 or 27, which are allowable for all the reasons stated 
herein. 

The references neither independently, or combined, contain each and every element of 
Applicant's claimed invention as required. Applicant respectfully submits that independent 
claims 1 and 27, and the claims that depend therefrom are patentably distinct from the cited 
references, either alone or in combination. Claims 1, 3, 5, 27, 30, 36-39, 44, and 48, each viewed 
as a whole, are not suggested by the cited references and not obvious under 35 USC 103(a). 

Reconsideration and withdrawal of this rejection is respectfully requested. 



RESERVATION OF RIGHTS 

Applicant reserves the right to swear behind any cited reference such as provided under 
37 C.F.R. § 1.131 or otherwise, or the right to assert co-ownership of any cited reference. 
Applicant does not admit that any of the cited references or any other references of record are 
relevant to the present claims, or that they constitute prior art. To the extent that any rejection or 
assertion is based upon the Examiner's personal knowledge, rather than any objective evidence 
of record as manifested by a cited prior art reference, Applicant timely objects to such reliance 
on Official Notice, and reserves all rights to request that the Examiner provide a reference or 
affidavit in support of such assertion, as required by MPEP § 2144.03. Applicant reserves all 
rights to pursue any cancelled claims in a subsequent patent application claiming the benefit of 
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priority of the present patent application, and to request rejoinder of any withdrawn claim, as 
required by MPEP § 821.04. 



Applicant respectfully submits that the claims are in condition for allowance and 
notification to that effect is earnestly requested. The Examiner is invited to telephone 
Applicant's attorney (515-233-3865) to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 



CONCLUSION 



Respectfully submitted, 



ERNIE F. BRICKELL ET AL. 



By their Representatives, 

SCHWEGMAN, LUNDBERG & WOESSNER, P. A. 
P.O. Box 2938 

Minneapolis, Minnesota 55402 



515-233-3865 




Barbara J. Clark/ 

Reg. No. 38,107 



